IT infrastructure 2025: best practices for switching to Russian software and PAC

The conference was attended by representatives of such organizations as Rosatom, Sinara, FGKU UVO VNG of Russia in the city of Moscow, Rosagroleasing, Arkhangelsk Pulp and Paper Mill, Russian Railways Business Asset, MTS, Bank of Russia, Gazprombank Avtolizing, VNIIZHT, NPP KuibyshevTelecom-Metrology, Rosseti Tsygna. The event was hosted by Alexey Voronin.

Master Data and Master Neural Networks

Igor Tatarenko, director of the department "Master-Date," "RusClimat," devoted his report to the data management system, which, according to him, is the basis for the implementation of digital processes and begins with the creation of a single source of master data.

Igor Tatarenko, Director of the Department "Master-Date," "RusClimat"

Only those data that participate in the processes are important, it is useless to collect all the data in a row, just in case, - Igor Tatarenko is sure. - And to work correctly with data, you need to create a separate, independent department that deals only with master data.

The work on building an effective data management infrastructure begins with a management solution that requires an understanding of the need for changes and business compliance with modern requirements, the speaker noted.

The procedure is as follows. First, key processes, necessary changes are defined, then the data in internal systems is ordered. A single and master data system is created. Data Base is synchronized with each other, uniform rules for working with data are introduced, a uniform set of information for all products is approved.

The next step is complete change management, monitoring of issues and discrepancies. A single data source is introduced for all departments, and all workarounds are blocked. Finally, the data is completely updated, the data for all new products is started according to the new requirements.

Valentin Kaskov, Information Technology Director, International Holding "Special Systems and Technologies," emphasized the benefit of an independent assessment of the quality and performance of the neural network implemented in the company. He recalled GOST R59898-2021, which, according to him, gives an upper-level understanding of the audit of artificial intelligence, about the audit according to the Sberbank method, and also proposed using the cascade testing method on a multi-agent cluster.

Valentin Kaskov, Director of Information Technology, "Special Systems and Technologies"

Valentin Kaskov said that within the framework of this method, verification and verification of the results obtained by previous neural networks is carried out. He explained that neural networks themselves are able to form a hierarchy and understand which of them is better versed in the data presented for processing, and then choose a network - the main arbiter. The result will be the generation by neural networks of a cascade of training context and additional training of the tested neural network. The percentage of erroneous responses after post-training by the cascade method decreases from 12% to 4.8%, and the total percentage of anomaly reduction in responses is 60%.

{{quote 'Business is most often not an expert in the field of artificial intelligence and is not able to assess how good the implemented neural network is, "explains Valentin Kaskov. - We were puzzled by the question of how to make sure that the quality of the "neuron" is assessed not by people, but by artificial intelligence itself, and with the possibility of further further training, and came to this method of cascading testing. }}

It's time for PACS

Maxim Savelyev, Head of the Big Data Infrastructure Development Department of the Database Administration Department, VTB, spoke about the introduction of domestic hardware and software systems (PAC) for large databases in the bank.

Maxim Savelyev, Head of the Big Data Infrastructure Development Department of the Database Administration Department, VTBF

He outlined both the advantages and problems of using Russian PAC. Such products are a comprehensive solution that can reduce maintenance costs and capitalize financial costs. Other advantages include a single support window and compliance with import substitution requirements.

The difficulties of integrating PAC into the bank's infrastructure, where its monitoring and management systems arise, but they are overcome. To solve possible problems, you need testing on large installations. Then the identified shortcomings are solved together with the vendor. But the long life cycle of software components inside the PAC is an unambiguous minus. If new major versions are released, the entire software must be reinstalled.

The bank has implemented the largest installation in Russia "Skala^r." There are more than 60 PACS, the four largest have more than 90 nodes. The total amount of data is more than 60 Pb. The organization has created an internal competence center for PAC of large databases. Among other things, OCRed Hat Enterprise Linux was replaced with Astra Linux, for which the PAC architecture was finalized and the complex was rebuilt at the bank's site.

In the future, we want to implement backup based on a completely Russian technology stack, - Maxim Savelyev shares the details. - Plans for Rubackup backup and Tatlin.Backup.

Kirill Dmitriyev, product manager, Selectel, presented the company's technical servers as software and hardware complexes (PAC) with Select OS preinstalled. He outlined the capabilities of the OS itself and cited the case of a specialized PAC created for video content providers.

The speaker said it was time for the PAC. Customers have increased performance and energy efficiency requirements. The number of specific tasks is growing, as is the need for predictability. "Our servers provide a balance between power and efficiency," says Kirill Dmitriyev. "They are ready, among other things, for ML loads and successfully work with GPU graphics cards." He cited the technical characteristics of the company's servers: processors Intel AMD EPYC 5• Xeon 6/;

• Up to 24 high-performance NVME drives
• support for network adapters up to 400 Gb/s.

Dmitry Polyakov, director of professional services, "Skala^r," spoke about the modular platform "Skala^r" for building an infrastructure of highly loaded corporate and state information systems. He gave a brief background: nine years of serial production, more than 600 complexes in industrial operation, over 8500 computing nodes.

Dmitry Polyakov, Director of Professional Services, "Skala^

]]

In addition, the speaker introduced the company's product range to the audience:

• Dynamic infrastructure - Skala^r MW virtualization machines
• high-performance databases - "Skala^r MBD" database machines;
• artificial intelligence machine;
• Big Data Management - Big Data Machines Skala^r MBD.8
• Intelligent data storage - Skala^r MHD data storage machines.

"Customer support is organized according to the principle of a single window," said Dmitry Polyakov. He spoke more about some products, introducing a technology stack on which the platform is implemented. He gave information about the implemented case at Gazprombank.

Work without downtime

Valery Ivlev, Head of Resource Accounting, NSD, spoke about the project to increase the level of maturity of capacity management implemented in the Moscow Exchange group of companies.

Valery Ivlev, Head of Resource Accounting, NSD

The original goals were to deal with the capacity required to carry out the project. It was necessary to ensure transparency of the IT infrastructure, to agree on how to measure and assess its availability. It was also necessary to start a cycle of continuous improvement of the system in order to be able to use the most innovative technologies.

The work was done in three stages:

1. Survey - internal audit of IT, identification of infrastructure bottlenecks.
2. Road maps - drawing up a list of measures, categorizing by processes and directions, determining the degree of importance.
3. Efficiency - development of metrics for top management, reporting on metrics, collection of metrics in dashboards, control of deviations.

Initially, we had a goal to deal with capacity management, and we put customer focus first, "he says. - It is important for us that the client can get all the necessary data at his request. This can be both a consultation on the required capacity and the capacity itself to implement the initiative.

The project has been completed. The company now has granularity on needs as part of infrastructure investment requests. It is clear how and where the purchases took place servers and. DSS The fifth level of capabilities of the availability management and capacity management process has been achieved. Budget and procurement procedures were accelerated by 35%. We managed to get complete transparency of the capacity planning and budgeting process.

Yuri Vlasov, Head of DevOps, SDEK, reviewed the software update procedure in various aspects, focusing on the practice of updating software operating in industrial operation without downtime.

Yuri Vlasov, Head of DevOps, SDEK

The speaker recalled the differences in updating software modules and services, listed update options in the general case (multi-stage launch of updates, parallel, etc.), gave recommendations, regardless of the options and ways of updating:

• Make backups before updating
• Configure system health monitoring
• prepare a rollback plan for the previous version;
• test the update in a copy of the production environment (the so-called "staging environment");
• Document the update process.

When updating, it is necessary to take into account the architecture of the application, work out emergencies, optimize the process, and maintain check lists.

Then the speaker moved on to the situation with updates at SDEK. Here the monolithic system is "sawed" into modules, the data is updated through the integration bus, and there is no redundancy. "Two years ago, the business forbade stopping the system for the purpose of updating, and IT specialists began to solve the task of updating without stopping," explains Yuri Vlasov. - We have a thousand different policies, and each must be manually rewritten from one cluster to another. This work is done by 10 people. "

Vladislav Ivanov, head of IT security, Health & Nutrition, stressed that attacks are becoming more and more difficult, and the effectiveness of information security is decreasing. In addition, he talked about how to ensure effective information security of the business without additional financial costs.

Vladislav Ivanov, Head of IT Security, Health & Nutrition

Business spends a lot of money on information security, introducing many vendor solutions, but, unfortunately, ransomware viruses remain one of the main problems over the years, and the main attack vectors have remained the same, says the speaker.

Vladislav Ivanov outlined the landscape of the main cyber threats with the following indicators: 70% of appeals to the National Coordination Center for Cyber ​ ​ Incidents are associated with ransomware viruses. 33% of attacks led to the complete unavailability of the infrastructure. 37% of attacks are implemented through phishing, and 13% - through vulnerabilities of public services. The speaker listed options for conditionally free reduction of the risk of malware infection. You can create a whitelist of sites, resources, and applications that are allowed to visit. Use Golden Image of operating systems to deploy new instances, with integrity control. You will need to correctly configure Active Directory security and proactively collect and analyze internal information about potential information security threats.

It is necessary to regularly audit the durability of domain passwords, exclude duplicate passwords on different security devices of one user. Do not forget that local users may have administrator rights - such situations should also be monitored. Another step is to install the Gophish phishing platform for phishing tests of employees in the inner loop.

Migration towards domestic products

Yuri Remezov, Director of Business Development, MIND Software, spoke about the capabilities of each product in his company's line, as well as the services provided. For example, Mind Migrate guarantees cross-platform migration of virtual servers. The speaker noted that this is a universal tool for migration, fully automating the process. It is compatible with Russian OS and platforms, and allows migration from VMware to any virtualization platform (Basis, SpaceVM, zVirt, vStack, Alt, Brest, etc.).

Yuri Remezov, Director of Business Development, MIND Software

Mind Guard provides geodistributed fault tolerance and disaster recovery. Asynchronous replication with managed data recovery rate and rate (RPO/RTO) is implemented here. Mind uStore is a software-distributed DSS system. Services include turnkey migration projects, the development and implementation of a DR plan, IT infrastructure verification, and a number of others.

The speaker cited cases, including Rostelecom's transfer of infrastructure from VMware to the Russian Basis Dynamics platform, migration to VTB of virtual desktop infrastructure from Citrix to Basis Workspace and other large-scale projects. "We support the transfer of VMware virtual machines to any virtual platforms built on the x86 architecture, and are able to build geodistributed cross-platform systems that assume simultaneous use, for example, VMware and any Russian virtual platforms," Yuri Remezov emphasized.

Dmitry Balyukov, owner of the KII Cloud product, RTK-DPC, spoke about the RTK cloud, designed for critical information infrastructure facilities. The speaker listed the sectors of the economy whose enterprises need such a cloud: metallurgy, communications, fuel and energy complex, finance, rocket and space industry, mining, military-industrial complex, healthcare, nuclear industry.

Photo 11. Dmitry Balyukov, owner of the product "Cloud KII," RTK-DPC

By placing their information systems in the "KII Cloud," clients significantly reduce the likelihood of administrative fines, criminal punishment for non-compliance with the requirements for KII data protection facilities, "Dmitry Balyukov emphasized. - We have built the second data center of KII, which is currently undergoing certification.

The "KII cloud" allows you to close such business needs as certification of client information systems, resources and scalability, consultations, increased internal expertise and, of course, import substitution of equipment and software. Dmitry Balyukov outlined the distinctive characteristics of the "KII Cloud," including:

• placement of objects of CII up to the II category of significance, GIS K1 and ISD UZ-1;
• import-substituted infrastructure, software and information security tools;
• The infrastructure of KII Clouds is connected to the State system of detection, prevention and elimination of consequences of computer attacks system.

Alexey Taranchenko, director of the Digitalization of Industry, Rostelecom, recalled what is meant by industrial automation. According to him, this is a set of processes and solutions that allows you to automatically control a particular technological process or industrial facility.

Alexey Taranchenko, Director of Digitalization of Industry, Rostelecom

In his speech, he spoke about the top-level SCADA platform for complex distributed systems with millions of I/O signals, in particular, for single dispatch, situational and analytical centers, data warehouses, integration platforms.

Tasks that can be solved through platform-based application systems include integrated video surveillance, geo-positioning with data visualization. Here it is possible to conduct industrial analytics with dashboards, carry out predictive diagnostics. Information security is not forgotten either.

For many years, industrial automation in our country has been a client, since we consumed solutions from foreign vendors, "said Alexey Taranchenko. - When difficulties began, it turned out that we do not have enough basic products in this direction. We are actively developing the direction of industrial automation, but at the same time we want not only to replace imported equipment, software, but strive to create new values, new systems that surpass foreign ones in their capabilities and technical characteristics.

The speaker noted that over the past three years, several hundred implementations of the SCADA platform have taken place. About half of them are migrations from Western solutions.

Ildar Shaidullin, leading system architect, ICL Services, stated the need to replace the widespread Microsoft System Center Service Manager system, which ceased to cope with the tasks of managing user devices as large corporations switch to domestic operating systems.

Ildar Shaidullin, Leading System Architect, ICL Services

Further, the speaker spoke about the product "Hummingbird-ARM." Initially, the product was created as a software tool for managing the IT infrastructure in order to collect information about computers, to install or remove programs and operating systems, for remote connection, and to provide a single tool to support environments with different operating systems.

Now the product is implemented as part of PAC. With it, you can implement scripts for installing and replacing software. It saves user data during migration and automates the process of installing a new OS, centrally managing this process. The architecture of the software and hardware solution "Hummingbird-AWS" is client-server. In addition to the management portal, there is a graphical visualization module where you can form a migration tracking panel for management.

At a certain point, we decided to provide users with a line of devices that are enough to enable - and the user receives a customized workplace, - comments Ildar Shaidullin. - A whole layer of tasks for setting up workplaces is removed from users and technical IT personnel.

In addition, the speaker presented the characteristics of the currently tested new products based on PAK EVO: "Light" (laptop or ultrabook), "Monolith" (monoblock), "Complex" (system unit or monitor).

Accumulated expertise

Yuri Osipov, product manager at Jatoba, Gazinformservice, spoke about the Jatoba DBMS, classic relational DBMSs with client-server architecture that he qualified as a solution for corporate information infrastructures.

Yuri Osipov, Jatoba Product Manager, Gazinformservice

DBMS has advanced information security functions of its own design, as well as documented compatibility with domestic manufacturers of application software, including 1C, Directum, information security solutions. There is a database administration and maintenance system with a graphical interface. It is possible to use DBMS for systems with OLTP, OLAP and mixed load profile.

Jatoba DBMS was released in 2019 precisely as a database with enhanced security mechanisms, initially for the information security service, where information from DLP systems flocks, - said Yuri Osipov.

The speaker paid special attention to the security of the data stored in the Jatoba DBMS, to ensuring their confidentiality, integrity and accessibility. Privacy is achieved by a set of built-in tools, including restriction of superuser rights, advanced password policies and a number of others. Data Base is developed on the basis of PostgreSQL, certified by FSTEC in 4 levels of trust. The product is included in the Register of the Ministry of Digital Development.

Alexander Kuznetsov, Deputy Head of Marketing Department, ELAR, spoke about the robotic optical drives ELAR HCM. Such drives, according to the speaker, provide data storage for a period of more than 50 years, protection against any threats, give a low cost of storage and have two configurations: for the data center (long-term storage segment) - 1036 TB, and for institutions (creation of insurance funds) - 56 TB.

Alexander Kuznetsov, Deputy Head of Marketing Department, ELAR

Our solutions do not replace traditional storage tools, but complement them, providing long-term storage of critical information, as well as the one that regulators require to be stored almost indefinitely, says Alexander Kuznetsov.

Alexander Nesterov, project manager, VK Tech, spoke about PAK Private Cloud. It is a comprehensive, ready-to-implement solution for creating a secure and efficient IT infrastructure that minimizes costs and ensures business reliability.

Alexander Nesterov, Project Manager, VK Tech

The speaker listed the delivery options for Private Cloud. It can be PAC from the Register of the Ministry of Digital Development, PAC with equipment registered in the Ministry of Industry and Trade, on the basis of other Russian or foreign equipment.

Alexander Nesterov also named the technical characteristics of the platform. Here is the Private Cloud software - a private cloud with integrated PaaS, preinstalled in the production of PAC. The hardware plan uses servers optimized for cloud tasks, as well as optional disk storage systems and switching equipment. The number of vCPUs is from 144 units, vRAM - from 720 GB, S3 - from 20 TB.

Private Cloud Private Cloud is a platform with layers IaaS, PaaS, XaaS, as well as a database management layer, "explained Alexander Nesterov.

The manufacturer and integrator partner promise warranty and service services for PAC. In conclusion, the speaker cited cases of introducing the Private Cloud platform in AvtoVAZ and Gazprom Neft.

During the break and at the end of the conference, the participants talked informally, and also had the opportunity to familiarize themselves with the solutions and services of IT suppliers at the stands deployed in the event hall.